COMPUTER SCIENCE – GRADE 11

UNIT 1: COMPUTER SYSTEMS

Comprehensive Exam-Ready Notes + Full Exercise Solutions
Based on National Curriculum of Pakistan 2022–23 | NBF Textbook Grade 11
Pages 1–65 • Chapter 1 Complete
UNIT 1: COMPUTER SYSTEMS — CHAPTER OVERVIEW
Chapter 1 of your Grade 11 Computer Science textbook covers five major topic areas. Understanding
each topic deeply and being able to connect them will help you excel in both short questions and long
essay-type answers.

LEARNING OBJECTIVES (What You Must Be Able to Do)

✔ Understand and apply logic gates in digital systems; define and create truth tables using
AND, OR, NOT, NAND, XOR, NOR, XNOR.
✔ Understand and evaluate stages of SDLC (analysis, design, coding, testing, etc.) and
software development methodologies.
✔ Understand and explain scalability and reliability of networking systems via network
topology.
✔ Understand and explain the need for cybersecurity; contrast different methods of
encryption.
1.1 Data Representation in a Digital Computer
📌 Digital Computer: An electronic machine consisting of millions of electronic switches that
operate at very low voltage, representing data using only two states: ON (1) and OFF (0).

How Data is Stored — Binary System

Every piece of information inside a computer — a letter, a number, a colour in an image — is ultimately
stored as a sequence of 0s and 1s. This works because electronic switches have exactly two possible
states: current flows (ON = 1) or no current flows (OFF = 0). The binary number system perfectly
matches this two-state reality.

📌 Bit: A binary digit — either 0 or 1. The smallest unit of data in a computer.

📌 Binary Code: A group of 1s and 0s used to represent data. For example, the binary code
1000100 may represent the letter 'D'.

Alphanumeric Codes
Computers must recognise codes that represent numbers, letters, and special characters. These are
called alphanumeric codes and include:
• Lower-case letters: a to z
• Upper-case letters: A to Z
• Numeric digits: 0 to 9
• Special characters: %, $, &, #, +, etc.

📌 ASCII (American Standard Code for Information Interchange): The most commonly
used alphanumeric code. It uses 7 bits (or 8 bits in extended form) to represent each
character. With 7 bits, ASCII can represent 2⁷ = 128 unique characters.

Logic Voltage Levels

The circuitry of a digital computer works on DC voltage with only two possible values:
• Logic 0 (LOW) = 0 Volts (or range: 0V to +0.8V)
• Logic 1 (HIGH) = +5 Volts (or range: +2V to +5V)
Circuits that operate on these signals are called digital logic circuits.
1.2 Analog and Digital Signals
📌 Analog Signals: Continuous signals that vary smoothly over time. They can take any
value within a given range and are represented by a continuous waveform.

Examples of Analog Signals:

• Analog audio from cassette tapes
• VHS video signals
• Human speech
• Analog temperature readings
• Analog voltage signals

📌 Digital Signals: Discrete, binary signals that represent data using a series of discrete
values — typically 0 (low voltage / absence of signal) and 1 (high voltage / presence of
signal).

Examples of Digital Signals:

• Binary code (0s and 1s)
• Digital audio (MP3 files)
• Digital images (JPEG files)
• Digital video (MP4 files)
• Digital data in computers

Comparison: Analog vs. Digital Signals

Feature Analog Signals Digital Signals
Signal Nature Continuous, infinite values Discrete, limited values (0 or 1)
within a range
Noise Susceptibility Highly susceptible to noise & More resistant to noise &
interference interference
Signal Degradation Degrades over long distances Transmitted over long distances
with less degradation
Storage/Reproduction Prone to quality loss during Can be copied without quality
copying loss
Scalability Not easily scalable Easily scalable
Processing Complexity Analog processing is often more Digital processing is typically
complex more straightforward
Examples Analog audio, analog Digital audio signals, digital
temperature readings images
1.3 Digital Logic and Logic Gates
Digital logic is fundamental in creating electronic devices such as calculators, computers, and digital
watches. It is used to create digital circuits consisting of large numbers of logic gates.

📌 Logic Gate: A building block of digital circuits. A logic gate performs a specific logical
function on one or more logic inputs (LOW/HIGH) and produces a single output (LOW = 0 or
HIGH = 1).

1.3.1 Logic Gates and Their Truth Tables

A truth table shows every possible combination of inputs and the resulting output for a logic gate. The
commonly used gates are: AND, OR, NOT, NAND, NOR, XOR, XNOR.

AND Gate
The output is HIGH (1) ONLY when ALL inputs are HIGH (1). The mathematical expression for a two-
input AND gate is F = x·y.
AND Gate Truth Table (2 inputs)
x | y | F = x·y
0 | 0 | 0
0 | 1 | 0
1 | 0 | 0
1 | 1 | 1 ← Only this row gives 1

OR Gate
The output is HIGH (1) when ANY input is HIGH (1). Mathematical expression: F = x+y (+ here means
OR, not addition). For three inputs: F = x+y+z.
OR Gate Truth Table (2 inputs)
x | y | F = x+y
0 | 0 | 0 ← Only this row gives 0
0 | 1 | 1
1 | 0 | 1
1 | 1 | 1

NOT Gate (Inverter)

Single-input gate. Converts LOW to HIGH and HIGH to LOW — it inverts the input. Expression: F = x̄ (x
with a bar/complement). Also called an inverter.
NOT Gate Truth Table
 x | F = x̄
0 | 1
1 | 0

NAND Gate
Combines AND and NOT. The output is 0 ONLY when ALL inputs are 1. Expression: F = x̄ ·ȳ (AND
result inverted). NAND always produces the inverse (opposite) of AND.
NAND Gate Truth Table (2 inputs)
x | y | F = NOT(x·y)
0 | 0 | 1
0 | 1 | 1
1 | 0 | 1
1 | 1 | 0 ← Only this row gives 0

NOR Gate
Combines OR and NOT. The output is 0 when ANY input is 1. Expression: F = x̄ +ȳ (OR result inverted).
NOR always gives the inverse of OR.
NOR Gate Truth Table (2 inputs)
x | y | F = NOT(x+y)
0 | 0 | 1 ← Only this row gives 1
0 | 1 | 0
1 | 0 | 0
1 | 1 | 0

XOR Gate (Exclusive-OR)

Output is 1 ONLY when the two inputs are DIFFERENT. Expression: F = x̄ y + xȳ. The XOR gate
symbol is like the OR gate but with an extra curved line at the input.
XOR Gate Truth Table (2 inputs)
x | y | F = x XOR y
0 | 0 | 0
0 | 1 | 1 ← Inputs different → 1
1 | 0 | 1 ← Inputs different → 1
1 | 1 | 0
1.3.2 Truth Table
A truth table represents a Boolean function or digital logic circuit in table form. It shows how a logic
circuit's output responds to all possible combinations of the inputs (using 1 for HIGH/TRUE and 0 for
LOW/FALSE).

Properties of a Truth Table

• Consists of rows and columns.
• Shows the relationship between inputs and output from a Boolean function.
• Shows output for all possible combinations of inputs (0 for LOW, 1 for HIGH).
• All combinations of inputs are listed in columns on the left (in binary counting order).
• Number of rows = 2ⁿ, where n = number of input variables (e.g., 2 inputs → 4 rows; 3 inputs →
8 rows).
1.3.3 Boolean Identities (Laws of Boolean Algebra)
Boolean identities are mathematical expressions that are always true, regardless of variable values.
They are essential for simplifying Boolean expressions and analysing digital circuits.

Law/Identity AND Form (·) OR Form (+)

Identity Law A·1=A A+0=A
Domination Law (Null) A·0=0 A+1=1
Idempotent Law A·A=A A+A=A
Complement Law A·Ā=0 A+Ā=1
Double Complement Ā̄ = A Ā̄ = A
Commutative Law A·B=B·A A+B=B+A
Associative Law (A·B)·C = A·(B·C) (A+B)+C = A+(B+C)
Distributive Law A·(B+C) = A·B + A·C A+(B·C) = (A+B)·(A+C)
Absorption Law A·(A+B) = A A+(A·B) = A
De Morgan's Law NOT(A·B) = Ā+B̄ NOT(A+B) = Ā·B̄

1.3.4 Boolean Function and its Conversion to Logic Circuit

📌 Boolean Function: An expression formed with binary variables, logical operators (OR,
AND, NOT), parentheses, and an equal sign. A binary variable takes the value 0 or 1, and
for given variable values, the function is either 0 or 1.

A Boolean function can be transformed from an algebraic expression into a logic circuit
composed of AND, OR, and NOT gates. The key rules are:
• Each variable with a complement (bar) needs a NOT gate.
• Each AND operation (·) needs an AND gate.
• Each OR operation (+) needs an OR gate.
• Build the circuit from the innermost operations outward.

Circuit Conversion Examples

F1 = xyz̄ → 1 AND gate + 1 NOT gate (for z̄ )
F2 = x + ȳz → 1 NOT gate (for ȳ) + 1 AND gate (ȳ·z) + 1 OR gate (x + ȳz)
F3 = xy + xz → 2 AND gates + 2 NOT gates (for x̄ , ȳ) + 1 OR gate
F4 = x̄ ȳz + xȳz + xy → 3 AND gates + 2 NOT gates (x̄ , ȳ) + 1 OR gate (3 inputs)
1.3.5 Simplification of Boolean Functions Using Karnaugh Map (K-Map)
📌 Karnaugh Map (K-Map): Introduced by Maurice Karnaugh in 1953. A pictorial form of a
truth table used to simplify Boolean functions. Simplified Boolean functions require fewer
logic gates → lower cost.

Structure of K-Maps
• A 2-variable K-map has 2² = 4 cells (2 rows × 2 columns).
• A 3-variable K-map has 2³ = 8 cells (2 rows × 4 columns).
• Each cell contains a product term (minterm) of all variables.
• Rows/columns are labelled in Gray code order (00, 01, 11, 10) — NOT binary order.

Rules for 2-Variable K-Map Simplification

1. For each term of the function, place 1 in the corresponding cell.
2. Make groups of two cells that contain 1. Groups may be horizontal or vertical but NOT diagonal.
3. Groups may overlap.
4. Eliminate the variable that appears in both normal and complemented form in a group.
5. Write the simplified function as the sum of variables NOT eliminated.
6. If two 1s are in diagonal cells → no group can be formed → function cannot be simplified.

Rules for 3-Variable K-Map Simplification

7. For each term of the function, place 1 in the corresponding cell.
8. Form groups of FOUR if possible; otherwise form groups of TWO.
9. Groups can contain only 1s.
10. Groups can be horizontal or vertical.
11. Groups can OVERLAP and WRAP AROUND the sides of the K-map.
12. Try to include each 1 in at least one group.
13. Eliminate variables that appear in both normal and complemented form in a group.
14. Write the simplified function as the sum of resulting terms. If a cell with 1 cannot be grouped,
write its full 3-variable term.

Key Insight — Why Grouping Works

When a variable appears in both normal (A) and complemented (Ā) form in a group, it means
that variable has NO effect on the output → it can be eliminated.
Larger groups → more variables eliminated → simpler expression.
Group of 2: eliminates 1 variable | Group of 4: eliminates 2 variables | Group of 8: eliminates
3 variables.
1.3.7 Principle of Duality in Boolean Algebra
📌 Principle of Duality: For any Boolean expression/function, a dual expression can be
obtained by: (1) Interchanging AND (·) and OR (+) operators, AND (2) Replacing 0s with 1s
and 1s with 0s (complementing constants).

Duality highlights the symmetry between AND/OR operations and 0/1 constants. It confirms that
Boolean laws come in pairs.
Original Expression Dual Expression
A·B=B·A A+B=B+A
X · (Y · Z) = (X · Y) · Z X + (Y + Z) = (X + Y) + Z
A · (A + B) = A A + (A · B) = A
A·1=A A+0=A
A·0=0 A+1=1

1.3.8 Uses of Logic Gates

Logic gates are essential components in digital electronics and computing. They are used in:
• Memory Circuits: Flip-flops and latches (built from logic gates) store binary data. A flip-flop
stores 1 bit and is fundamental in sequential logic and memory elements.
• Clock Synchronization: Help synchronise signals in digital systems.
• Data Encoding and Decoding: Used in communication systems for encoding/decoding data.
• Multiplication and Division: Complex arithmetic operations via combinations of logic gates.
• Digital Signal Processing (DSP): Filtering, modulation, and demodulation.
• Data Encryption and Decryption: Cryptographic algorithms use logic gates.
• Calculator Circuits: Basic arithmetic in calculators.
• Traffic Light Control: Managing traffic flow.
• Robotics: Controlling movement and decision-making.
• Security Systems: Access control, alarms, surveillance.
• Automotive Electronics: Engine control, airbag deployment, ABS.
• Home Automation: Smart home lighting and temperature control.
• Medical Devices: Monitoring and controlling functions.
• Aerospace Applications: Navigation, autopilots, guidance systems.
1.4 Software Development Life Cycle (SDLC)
📌 SDLC: The process of planning, writing, modifying, and maintaining software. It provides
models and methodologies that guide experts in developing systems. The term 'life cycle'
was first used in the 1950s to describe stages in developing a new computer system.

1.4.1 Phases of SDLC

There are 11 phases in the SDLC:

Phase Key Activities & Description Example (Exam System)

1. Defining the Clearly define the problem or system to be Students' Examination System:
Problem developed. Document all requirements Define what the system should
(product requirements) approved by the cover — from exam-taking to
customer. result generation.

2. Planning Identify project goals; assess resources Set ultimate goals; estimate
(personnel + costs); conceptualise the new resources and costs for the
product; organise data into a project plan Exam System project.
presented to management.
3. Feasibility Study Analyse and evaluate whether the proposed Evaluate whether existing
system is technically, financially, legally, hardware/software can support
and operationally feasible within estimated the Exam System.
cost and time. Types: Technical, Economic,
Operational, Legal, Schedule Feasibility.
4. Analysis Determine end-user requirements (often via Visit the college to study the
focus groups). Decide whether project existing system; suggest
should proceed. Look at the existing system possible improvements.
— what it does and how.
5. Requirement Gather, analyse, document, and manage Compile a detailed list of
Engineering requirements. Consists of: Requirement functional and non-functional
Gathering (interviews, surveys, observation, requirements for the Exam
document analysis), Requirement System.
Validation, Requirements Management.
6. Design Plan system architecture; create detailed Create algorithms and
specifications from requirements. Uses flowcharts to calculate student
UML (Unified Modelling Language) and percentage marks and results.
Design Patterns. Key outputs: Algorithms
and Flowcharts.
7. Translate design into actual code using Developers write code for the
Development/Codin programming languages. Develop database Exam System's database, data
g structures and user interface screens. flow, and UI.
Iteratively process test data.
8. Execute programming modules to detect Test percentage-calculation
Testing/Verification bugs. Ensure software matches required code using both valid and
specifications. Black Box Testing (no invalid input values.
knowledge of code) and White Box Testing
(full code access). Removing bugs =
Debugging.
9. Make software accessible. Includes Deploy the Exam System; train
Deployment/Implem installation, training users, and conversion library/exam staff.
entation (switching from old to new system).
Methods: Direct, Parallel, Phased, Pilot.
10. Documentation Develop user documentation, system Create user manuals and
architecture docs, and code documentation. technical documentation for the
Essential for diagnosing errors and future Exam System.
maintenance.
11. Monitor system performance continuously. Regular updates to Exam
Maintenance/Suppo Incorporate needed modifications. Types: System based on user feedback
rt Corrective Maintenance (fixing and changing regulations.
undiscovered errors) and Perfective
Maintenance (enhancing functionality).

Deployment/Implementation Methods (Important for Exams!)

Method Description & When to Use
Direct (Cutover) Old system entirely and immediately replaced
by new system. Abrupt transition. Use when:
quick transition needed, old system obsolete.
Parallel Both old and new systems run simultaneously
for a period. Identify issues in new system
without risking data loss. Use when: high
accuracy is critical.
Phased Gradual, incremental introduction of new
system while progressively phasing out old
one. Use when: large system with modular
structure.
Pilot New system deployed for a small user group
first. Feedback gathered. Then rolled out to all
users. Use when: testing feasibility on smaller
scale first.
1.4.2 Software Development Models
Software Development Models provide structured frameworks for managing software projects. The two
most common models are the Waterfall Model and the Agile Model.

Waterfall Model
📌 Waterfall Model: A sequential (linear) development approach where development flows
steadily downward through phases — like a waterfall. The most popular process model. Best
when requirements are well-defined from the start.

The six phases always follow in order and do NOT overlap:

15. Requirements
16. Design
17. Development
18. Testing
19. Deployment
20. Maintenance

Advantages of Waterfall Disadvantages of Waterfall

Suitable for projects with pre-defined, stable Inflexible to changes — mid-project
requirements adjustments are difficult
Easy to understand and implement Long delivery times (entire project must finish
before delivery)
Each phase's activities are clearly defined High risk of project failure due to late client
visibility
Release date and final cost estimated before Late defect detection — testing happens
development toward the end
Easy to assign tasks to team members Not suitable for complex projects with uncertain
requirements
All processes and results are well documented Client does not see working software until late
in development

Agile Model
📌 Agile Model: An iterative and incremental development approach emphasising flexibility,
collaboration, and continuous customer feedback. Software is developed in rapid
incremental cycles (sprints). Tasks are broken into smaller iterations without long-term rigid
planning.

The six phases of Agile (iterative, not strictly sequential):

21. Requirements Gathering (continuous, collaborative)
22. Planning (sprint-based, dynamic)
 23. Design (adaptive, iterative)
24. Implementation (incremental, sprint-based)
25. Testing (continuous, parallel with development)
26. Deployment + Maintenance (incremental delivery, sprint reviews)

Advantages of Agile Disadvantages of Agile

Flexible and adaptable — evolving Dependent on constant customer availability
requirements are handled well
Continuous client involvement ensures higher Risk of scope creep due to flexibility in
satisfaction accommodating changes
Early and incremental delivery of functional Coordination challenges with larger team sizes
product
Continuous improvement through regular Limited emphasis on documentation
demonstrations
Improved communication and collaboration Not ideal for projects with stable, well-defined
among team requirements

Waterfall vs. Agile — Key Comparison

Feature Waterfall Model Agile Model
Approach Sequential / Linear Iterative / Incremental
Flexibility Inflexible — changes costly mid- Highly flexible — changes
project welcome anytime
Customer Involvement Mainly at start and end Continuous throughout the
project
Documentation Extensive documentation Minimal documentation; working
required software priority
Testing After coding phase is complete Continuous — parallel with
development
Delivery Final delivery at project end Incremental delivery after each
sprint
Best For Well-defined, stable Complex projects with evolving
requirements requirements
1.5 Network Topology
📌 Network Topology: A systematic arrangement of computers and other devices (called
Nodes) in a network. It defines how computers, servers, switches, routers, and storage
devices are connected and set up to share data and resources.

There are two approaches to network topology:

• Physical Topology: Refers to the physical connections and interconnections between nodes —
the actual wires, cables, and hardware.
• Logical Topology: Conceptual/abstract understanding of how and why the network is arranged
the way it is, and how data moves through it.

1.5.1 Types of Network Topologies

The most commonly used topologies are: Bus, Star, Ring, Mesh, Tree, and Hybrid.

Bus Topology
📌 Bus Topology: All devices are connected to a single cable or line (the 'bus') running
through the entire network. Data travels along the single cable. Uses CSMA/CD (Carrier
Sense Multiple Access with Collision Detection) via Ethernet protocol.

Advantages:
• Easy to install and maintain (all nodes on one cable)
• Cost-effective — no need for multiple cables or switches
• Fast data transmission on the shared cable
• Easy to expand by adding nodes to the cable
Disadvantages:
• All nodes share the same bandwidth → network congestion
• If the main cable is damaged, the entire network fails
• Only one device can transmit at a time
Applications:
• Small office networks
• Home networks

Star Topology
📌 Star Topology: Every device is linked to a central hub or switch. The most widely used
topology. Devices are categorised as clients (computers, laptops) or servers (provides
services).

Advantages:
• Easy to install (all nodes connect directly to hub/switch)
• Reliable — failure of one node does not affect others
 • High performance due to dedicated links
Disadvantages:
• More expensive (requires a hub/switch)
• If the central hub/switch fails, the entire network goes down
Applications:
• Corporate office networks
• Campus networks
• Home networks

Mesh Topology
📌 Mesh Topology: Every node establishes connections with ALL other nodes. Provides
maximum redundancy and reliability. Common in wireless networks.

Advantages:
• High redundancy — if one node fails, others continue
• Very reliable due to multiple redundant connections
• Highly flexible and scalable
Disadvantages:
• Expensive — requires many cables/links
• Complex to set up due to multiple connections
Applications:
• Corporate networks
• Military applications
• Wireless applications

Tree Topology (Hierarchical)

📌 Tree Topology (Hierarchical): A hierarchical or tree-like layout — similar to star topology
but with multiple hubs/switches arranged hierarchically. Has a 'Root node' at the top.
Advantages:
• Highly scalable — add/remove nodes without disrupting network
• Reliable due to redundant connections between nodes
• Cost-effective — efficient data transmission
Disadvantages:
• Complex to install (multiple connections)
• Difficult to troubleshoot (multiple data paths)
Applications:
• Large corporate environments with departmental hierarchy

Ring Topology
📌 Ring Topology: All devices connected in a circular loop. Data travels in one direction
through each device until it reaches its destination. Uses Token Ring protocol — only the
device holding the 'token' can transmit. FDDI (Fiber Distributed Data Interface) = Dual Ring
 network (data travels both directions).

Advantages:
• Reliable — each device has alternate route in case of failure
• Cost-effective — no complex wiring
Disadvantages:
• Limited bandwidth — all devices share the same path → bottlenecks
• If the ring is broken/disrupted, entire network may fail
• Difficult to troubleshoot
Applications:
• Local Area Networks (LANs)
• Fiber-optic networks (dual ring)

Hybrid Topology
📌 Hybrid Topology: Combines elements from multiple topologies (star, tree, ring, bus) to
create an interconnected network with multiple data pathways. Used in large-scale networks.

Advantages:
• Flexible and adaptable to network changes
• Higher reliability — multiple data pathways
• Highly scalable
• Enhanced security (multiple protection layers)
• Reduces overall cost by combining efficient topologies
Disadvantages:
• Complex to set up and maintain
• Troubleshooting is challenging (many data pathways)
Applications:
• Large-scale industrial applications
• Process control systems
• Military applications
1.5.2 Scalability and Reliability of Network Topologies
Scalability refers to a network's ability to handle increasing workloads. Reliability refers to consistent
performance and uptime. Both are influenced by the choice of topology.

Topology Scalability Reliability

Bus Not highly scalable — signal Less reliable — a cable break
degrades as devices added; disables the entire network
needs repeaters
Star Moderately scalable — add Relatively reliable — failure of
devices to hub; hub capacity one node doesn't affect others;
can be a bottleneck hub failure = total failure
Ring Moderately scalable — adding Highly reliable (data travels both
devices becomes complex to ways in dual ring); one device
manage failure doesn't stop network
Mesh Highly scalable — devices Highly reliable — redundant
added easily; multiple paths paths ensure data finds
reduce congestion alternate routes on failure
Hybrid Highly scalable — combines Reliability varies; mesh
strengths of multiple topologies components enhance
redundancy

1.5.3 Testing Scalability and Reliability of a Network

Scalability Testing Methods
• Load Testing: Evaluate performance under heavy traffic using tools like Apache JMeter,
LoadRunner, or [Link] — simulates many users/devices simultaneously.
• Stress Testing: Push network beyond capacity to identify breaking points; gradually increase
load until significant latency or failure occurs.
• Scalability Testing: Add resources (servers, switches, routers) and measure ability to handle
increased demand. Test horizontal (more instances) and vertical (upgrade existing) scalability.
• Benchmarking: Compare network performance against industry standards or competitors.
• Realistic Scenarios: Use real-world usage scenarios; consider peak traffic and growth
projections.
• Performance Monitoring: Implement monitoring tools to continuously monitor scalability in
production.

Reliability Testing Methods

• Availability Testing: Simulate hardware failures, network congestion, server crashes. Measure
recovery time.
• Redundancy Testing: Evaluate effectiveness of load balancing, failover, and backup systems.
• Disaster Recovery Testing: Test data/service restoration plans for disastrous failures or data
breaches.
• Fault Tolerance Testing: Intentionally inject faults and observe how network responds.
• Security Testing: Penetration testing and vulnerability assessments.
• Load Balancing Testing: Verify even traffic distribution to prevent overloading.
 • Continuous Monitoring: Detect anomalies in real-time; enable preemptive maintenance.

1.5.4 Cloud Computing

📌 Cloud Computing: A technology model that provides access to computing resources and
services over the internet, rather than owning physical hardware and infrastructure. Users
access servers, storage, databases, networking, software, and analytics via the internet.

Key Characteristics of Cloud Computing

• On-Demand Self-Service: Users provision resources without human intervention from providers.
• Broad Network Access: Services accessible via internet on various devices.
• Resource Pooling: Computing resources shared and dynamically adjusted among multiple
customers.
• Rapid Elasticity: Resources scaled up/down quickly to accommodate demand changes.
• Measured Service: Usage monitored, controlled, and billed based on actual usage.
• Security: Encryption, identity and access management, compliance with industry standards.

Cloud Service Models (3 Types)

Model Full Name What It Provides
IaaS Infrastructure as a Service Virtualised computing resources
(VMs, storage, networks) via
internet
PaaS Platform as a Service Platform with tools/frameworks
for app development without
managing underlying
infrastructure
SaaS Software as a Service Software applications delivered
via internet on subscription
basis (no local install needed)

Cloud Deployment Models (4 Types)

Deployment Model Description
Public Cloud Resources owned/operated by a third-party
cloud provider; available to the general public.
E.g., AWS, Azure, Google Cloud.
Private Cloud Resources used exclusively by one
organisation; more control and customisation.
Hybrid Cloud Combines public and private cloud; data and
apps shared between them.
Community Cloud Infrastructure shared by organisations with
common interests (e.g., regulatory
requirements).
Examples of Cloud Computing Services
• Amazon Web Services (AWS): Computing, storage, databases, machine learning, etc.
• Microsoft Azure: Computing, analytics, storage, networking.
• Google Cloud Platform (GCP): Computing, machine learning, data analytics.
• IBM Cloud: IaaS, PaaS, SaaS, and hybrid cloud solutions.

Scalability in Cloud Computing

• Horizontal Scalability (Scaling Out): Increasing the NUMBER of servers/instances. Distributes
workload. Ideal for high availability and near-zero downtime. Quicker and easier than vertical
scaling.
• Vertical Scalability (Scaling Up): Increasing CAPACITY of a single server (more CPU, RAM,
disk). Improves performance but has physical limits. Can be costly and may require downtime.

Reliability in Cloud Computing

Reliability = ability to consistently deliver intended functionality and maintain uptime ('high availability').
Key components: Redundancy, Fault Tolerance, Disaster Recovery, and Failover Mechanisms.
1.6 Cybersecurity
📌 Cybersecurity: The protection of internet-connected systems — computers, servers,
mobile devices, electronic systems, networks, and data — from malicious attacks. Also
known as information technology (IT) security or electronic information security.

1.6.1 Importance of Cybersecurity

Cybersecurity is vital for organisations of all sizes due to increasing technology use across government,
education, hospitals, and businesses. Key reasons cybersecurity matters:
• a) Protecting Sensitive Data: Safeguards personal information, financial data, and intellectual
property from unauthorised access and theft.
• b) Prevention of Cyber Attacks: Prevents Malware, Ransomware, Phishing, and DDoS attacks
that cause disruptions and financial losses.
• c) Safeguarding Critical Infrastructure: Protects power grids, transportation, healthcare, and
communication networks from cyber threats.
• d) Maintaining Business Continuity: Prevents attacks that cause lost revenue, reputational
damage, or business shutdown.
• e) Compliance with Regulations: Ensures organisations meet data protection regulations; avoids
fines and legal action.
• f) Protecting National Security: Guards critical infrastructure, government systems, and military
installations against cyber warfare.
• g) Preserving Privacy: Protects personal information from unauthorised access and
surveillance.

1.6.2 Cybersecurity Threats

Cybersecurity threats are harmful acts by individuals/groups with destructive intent — targeting IT
assets, networks, intellectual property, or sensitive data.

Malware (Malicious Software)

Malware is software specifically designed to harm or exploit computer systems. Types:
• Viruses: Malicious code that attaches to legitimate programs and spreads when the infected
program is executed.
• Worms: Self-replicating malware that spreads across networks WITHOUT user intervention.
• Trojans: Software that appears legitimate but hides malicious functions (e.g., remote control,
data theft).
• Ransomware: Encrypts files or entire systems; demands a ransom for decryption keys.
Payment does NOT guarantee data recovery.
• Spyware: Collects user information without their knowledge — often for advertising or
surveillance.
Phishing
A social engineering attack where cybercriminals impersonate trusted entities to deceive users into
revealing sensitive information (login credentials, credit card details). Types:
• Spear Phishing: Targeted phishing directed at specific individuals/organisations using
personalised information.
• Email Phishing: Deceptive emails appearing from legitimate sources, encouraging users to click
malicious links or download infected attachments.

DoS and DDoS Attacks

• DoS (Denial of Service): A single attacker floods the target with traffic, making it inaccessible to
legitimate users.
• DDoS (Distributed Denial of Service): Multiple compromised devices coordinate to flood the
target — much harder to mitigate.

Ransomware
Encrypts victim's data; demands ransom for decryption key. Can lead to data loss, financial losses, and
operational disruptions. Payment does NOT guarantee data recovery.

Insider Threats
Threats from individuals within an organisation (employees, contractors, business partners) who
misuse their access for malicious purposes — e.g., sharing sensitive data with external parties.

Cloud Security Threats

Risks and vulnerabilities that compromise security of data, applications, and infrastructure in cloud
environments. Increasingly important as hybrid and multi-cloud environments require extensive
monitoring.

1.6.3 Protection Against Cyber Threats

Protection Method Description
Strong Passwords At least 12 characters; mix of uppercase,
lowercase, numbers, special characters;
unpredictable; unique per account. E.g.,
P@sswOrd$Secur3!
Keep Software Updated Regularly update OS, apps, and security tools
to patch known vulnerabilities. Outdated
software is an easy malware target.
2FA (Two-Factor Authentication) Requires two forms of verification: something
you KNOW (password) + something you HAVE
(OTP from mobile app). E.g., banking login with
password + OTP.
Be Wary of Suspicious Emails Avoid unsolicited emails asking for
personal/financial information; don't click
suspicious links or open unknown attachments.
 Educate Yourself Stay informed about cybersecurity threats and
best practices through blogs and training
programs.
Firewalls Network security devices/software that monitor
and control incoming/outgoing traffic. Establish
a barrier between trusted internal network and
untrusted external networks (e.g., internet).
Block traffic from unknown/suspicious IP
addresses.
Antivirus and Anti-malware Software Detect, quarantine, and remove malicious
software. Provide real-time file scanning.
Encryption Transforms plaintext data into unreadable
cipher text. Only authorised parties with the
decryption key can read the data.
Backup and Disaster Recovery Regular data backups ensure critical data can
be restored after a cyberattack. Minimises
downtime and data loss.
Cryptography Scientific approach of securing information
using mathematical algorithms. Ensures data
confidentiality, integrity, and authentication.

📌 Cryptography vs. Encryption: Cryptography is the SCIENCE of concealing messages

with secret codes (studying methods to keep messages secret). Encryption is the PROCESS
of encrypting and decrypting data. Cryptography is broader; encryption is a subset of
cryptography.

1.6.4 Encryption
📌 Encryption: The process of converting plaintext data into an unreadable format called
cipher text using encryption algorithms and keys. The primary purpose is to protect sensitive
information — even if someone gains access, they cannot decipher without the decryption
key.

How Encryption Works

• Plaintext: The original, human-readable data (text, files, communication messages).
• Encryption Algorithm: A mathematical formula/process that transforms plaintext into cipher text.
• Encryption Key: A piece of information (numeric value, passphrase, or character combination)
used by the algorithm. Security of encryption depends on key strength.
• Cipher Text: The scrambled, unreadable version of the original data.
• Decryption: The recipient uses the decryption key with the decryption algorithm to reverse the
process and recover plaintext.

Types of Encryption Algorithms

1. Symmetric Encryption
📌 Symmetric Encryption: Uses a SINGLE secret key for BOTH encryption and decryption.
Both the sender and receiver use the same key.

Advantages:
• Speed and Efficiency: Faster and more computationally efficient — well-suited for large
amounts of data.
• Strong Security: High security level when using strong, randomly generated keys.
• Simplicity: Simpler to implement — one key for both operations.
Disadvantages:
• Key Distribution Problem: Securely distributing and managing the secret key is challenging. If
compromised, all encrypted data is vulnerable.
• Limited Secure Communication: Not suitable for parties who haven't met or don't share a pre-
established key.

2. Asymmetric Encryption
📌 Asymmetric Encryption: Uses TWO separate keys: a PUBLIC key (for encryption) and a
PRIVATE key (for decryption). The private key is only given to authorised users. Also called
public-key cryptography.

Advantages:
• Key Distribution: No need for a secure key distribution channel — public keys can be openly
shared.
• Non-Repudiation: The sender cannot deny sending a message (only their private key decrypts
it).
• Secure Communication with Untrusted Parties: Enables secure key exchange between parties
who have never met.
Disadvantages:
• Computational Complexity: Algorithms are computationally intensive → slower performance,
especially for large data volumes.
• Key Length: Longer key lengths needed for equivalent security compared to symmetric keys.

Symmetric vs. Asymmetric Encryption — Comparison Table

Feature Symmetric Encryption Asymmetric Encryption
Keys Used Single shared secret key Public key (encrypt) + Private
key (decrypt)
Key Holders Same key for sender AND Different keys for sender and
receiver receiver
Speed Fast — computationally less Slow — complex mathematical
complex operations
Data Volume Suitable for large amounts of Better for small amounts or key
data exchange
Key Distribution Requires secure channel to Public key can be shared openly
share key
Security Risk If key is compromised, all data Compromise of public key
is at risk doesn't expose data
Non-Repudiation Not provided Provided — sender's private key
is unique
Common Use Bulk data encryption, Digital signatures, secure
performance-critical communication setup, SSL/TLS
EXERCISE SOLUTIONS — CHAPTER 1
This section contains complete solutions for all MCQs, Short Response Questions (SRQs), and
Extended Response Questions (ERQs) from pages 61–65 of the textbook.

PART A: Multiple-Choice Questions (MCQs) — With Answers &

Explanations

Q1. What are the two fundamental digits used in binary code?
a) 0 and 2
b) 1 and 3
c) 0 and 1
d) A and B
✅ Answer: c | Binary number system has exactly two digits: 0 (off/no current) and 1 (on/current
flows).

Q2. How many bits does the ASCII code use to represent a character?
a) 8 bits
b) 16 bits
c) 32 bits
d) 64 bits
✅ Answer: a | ASCII uses 7 bits to represent 128 characters, but the extended version uses 8
bits (1 byte). The textbook mentions 7 or 8 bits; option (a) 8 bits is the standard answer given.

Q3. In a digital computer, what do logic levels "0" and "1" represent in terms of
voltage?
a) 0V for "0" and 5V for "1"
b) 0V for "1" and 5V for "0"
c) 0V for both "0" and "1"
d) 5V for both "0" and "1"
✅ Answer: a | Logic 0 = Low Voltage (~0V). Logic 1 = High Voltage (~5V). Current flows → 1
(ON); no current → 0 (OFF).

Q4. Which of the following logic gates produces a HIGH (1) output only when ALL of
its inputs are HIGH (1)?
a) AND gate
b) OR gate
c) NOT gate
d) XOR gate
✅ Answer: a | AND gate: F = x·y → output is 1 ONLY when ALL inputs are 1. This is its
defining property.
Q5. Which principle in Boolean algebra involves interchanging AND and OR operators
while complementing variables?
a) Absorption Law
b) Identity Law
c) Principle of Duality
d) Distributive Law
✅ Answer: c | The Principle of Duality: interchange AND↔OR operators while complementing
constants (0↔1). Variables themselves are not complemented — only the operators and
constants swap.

Q6. Which principle of Boolean algebra allows interchanging the AND and OR
operators while negating the variables?
a) Complement principle
b) Dual principle
c) Inversion principle
d) Identity principle
✅ Answer: b | The 'Dual principle' (same as Principle of Duality). This question uses slightly
different wording — the answer is (b) Dual principle.

Q7. Which phase of SDLC involves assessing whether the proposed software/system
is feasible in terms of resources and budget?
a) Design Phase
b) Analysis Phase
c) Feasibility Study Phase
d) Coding Phase
✅ Answer: c | The Feasibility Study Phase evaluates technical, economic, operational, legal,
and schedule feasibility — including resources and budget.

Q8. Which phase of SDLC focuses on understanding user expectations and

identifying software requirements?
a) Maintenance/Support Phase
b) Deployment/Implementation Phase
c) Requirement Engineering Phase
d) Testing/Verification Phase
✅ Answer: c | Requirement Engineering Phase: gathers, analyses, documents, and manages
requirements — focused entirely on understanding user expectations.

Q9. Which Agile model phase involves evaluating the software to identify and fix
defects?
a) Design
b) Testing
c) Deployment
d) Requirements Gathering
✅ Answer: b | Testing phase in Agile involves both automated and manual testing,
continuously running parallel with development to identify and fix defects.

Q10. Which software development model is characterised by iterative development

and frequent updates throughout the project's lifecycle?
a) Waterfall Model
b) Agile Model
c) Feasibility Model
d) Design Model
✅ Answer: b | Agile Model: iterative, incremental, with frequent updates and continuous
delivery throughout the project lifecycle.

Q11. Which type of topology is known for its high redundancy and reliability?
a) Bus Topology
b) Star Topology
c) Mesh Topology
d) Ring Topology
✅ Answer: c | Mesh Topology: every node connects to ALL others, providing maximum
redundancy. If one path fails, data takes an alternative route.

Q12. What is the main disadvantage of Ring Topology?

a) Limited bandwidth
b) High cost
c) Complex installation
d) Prone to failure
✅ Answer: a | Ring topology's main disadvantage: all devices share the same communication
path → limited bandwidth → bottlenecks and reduced transmission speed.

Q13. What type of topology combines elements from multiple topologies to create a
more efficient network?
a) Star Topology
b) Bus Topology
c) Mesh Topology
d) Hybrid Topology
✅ Answer: d | Hybrid Topology combines elements from star, tree, ring, and bus topologies to
create an interconnected network with multiple pathways.

Q14. What type of scalability involves adding more identical virtual machines or
instances in cloud computing?
a) Horizontal Scalability
b) Vertical Scalability
c) Linear Scalability
d) Elastic Scalability
✅ Answer: a | Horizontal Scalability (Scaling Out): adding more identical instances/VMs.
Vertical Scalability (Scaling Up) = upgrading an existing instance's resources.

Q15. Which of the following is NOT a common type of malware?

a) Viruses
b) Worms
c) Spyware
d) Firewall
✅ Answer: d | A Firewall is a PROTECTION method (network security device/software), NOT a
type of malware. Viruses, Worms, and Spyware are all types of malware.

Q16. What is the main advantage of asymmetric encryption over symmetric

encryption?
a) Faster encryption and decryption
b) Simplified key distribution
c) Non-repudiation
d) Lower computational complexity
✅ Answer: b | The main advantage of asymmetric encryption: simplified key distribution —
public keys can be openly shared without a secure channel. Symmetric encryption requires a
secure channel to share the secret key.

Q17. What type of attack involves cybercriminals impersonating trusted entities to

deceive users into revealing sensitive information?
a) Malware attack
b) Denial of Service attack
c) Phishing attack
d) Insider threat
✅ Answer: c | Phishing: cybercriminals impersonate trusted entities (banks, companies) to
deceive users into revealing login credentials, credit card details, etc.

Q18. What type of encryption uses a single, secret key for both encryption and
decryption?
a) Asymmetric encryption
b) Public-key encryption
c) Symmetric encryption
d) Triple DES encryption
✅ Answer: c | Symmetric encryption uses ONE shared secret key for BOTH encryption and
decryption. Asymmetric encryption uses two separate keys (public + private).

Q19. What does 2FA (Two-Factor Authentication) require for user access?
a) Two different passwords
b) Two different encryption keys
c) Two different authentication methods
d) Two different user accounts
✅ Answer: c | 2FA requires two different forms of verification: typically something you KNOW
(password) + something you HAVE (OTP from mobile app) — two different authentication
methods.

Q20. What is the primary purpose of a firewall in cybersecurity?

a) Encrypting data
b) Monitoring network traffic
c) Blocking malicious traffic
d) Generating strong passwords
✅ Answer: c | The primary purpose of a firewall is to BLOCK malicious traffic. It monitors
incoming/outgoing traffic and establishes a barrier to filter and block dangerous traffic.
PART B: Short Response Questions (SRQs) — Complete Answers

Q1. What is the principle of duality in Boolean algebra, and why is it important in
digital logic?

The Principle of Duality states that for any given Boolean expression, a dual expression can
be obtained by interchanging the AND (·) and OR (+) operators while also replacing
constants: 0s become 1s and 1s become 0s.
Importance in Digital Logic: (1) It confirms that Boolean laws come in symmetric pairs —
understanding one form automatically gives knowledge of its dual. (2) It simplifies the
process of proving new Boolean identities. (3) It helps in designing complementary logic
circuits. (4) It reduces the number of independent rules to memorise, since each rule implies
its dual.

Q2. How do memory circuits use logic gates? Give their significance in digital
systems.

Memory circuits use logic gates to construct flip-flops and latches, which are the fundamental
building blocks of digital memory.
A Flip-flop is a digital circuit built from logic gates (typically NAND or NOR gates) that stores
exactly 1 bit of binary information. It has two stable states (0 or 1) and can switch between
them based on input signals. Flip-flops are used in registers, counters, and memory cells in
CPUs.
A Latch is similar to a flip-flop but is level-triggered (responds to the state of the input) rather
than edge-triggered. Latches are used in memory storage elements and data-path circuits.
Significance: (1) Without logic-gate-based flip-flops and latches, computers could not store
and retrieve data. (2) They enable the CPU to maintain state information during calculations.
(3) They form the basis of RAM, registers, and all sequential logic in computers.

Q3. Provide two examples of data encoding and decoding applications that involve
logic gates.

Example 1 — Communication Systems: Logic gates are used to encode data (convert
information into a transmittable format) before sending it over a communication network, and
to decode it at the receiving end. For example, in Ethernet networks, Manchester encoding
uses XOR gates to combine the data signal with a clock signal for transmission.
Example 2 — Digital-to-Analog Converters (DAC) and Analog-to-Digital Converters (ADC):
Logic gates encode analog sensor readings (e.g., temperature, sound) into binary digital
data and decode binary signals back into analog form for output (e.g., speakers).

Q4. Give three uses of logic gates.

1. Memory Circuits: Logic gates build flip-flops and latches that store binary information in
digital memory systems.
2. Calculator Circuits: Basic arithmetic operations (addition, subtraction, multiplication) in
calculators are performed using combinations of logic gates (e.g., half-adder and full-adder
circuits using XOR and AND gates).
3. Data Encryption and Decryption: Cryptographic algorithms employ logic gates to encrypt
sensitive data before transmission and decrypt it upon receipt, ensuring secure
communication.

Q5. What is the primary purpose of the Software Development Life Cycle (SDLC)?

The primary purpose of SDLC is to provide a structured framework and methodology for
planning, writing, modifying, and maintaining software. It guides developers through
systematic phases to ensure that the final software product meets user requirements, is
delivered on time, within budget, and with high quality. SDLC reinforces best practices in
software engineering and helps manage complex development projects by breaking them
into manageable, clearly defined phases.

Q6. Name the different phases of SDLC.

The 11 phases of SDLC are: (1) Defining the Problem Phase, (2) Planning Phase, (3)
Feasibility Study Phase, (4) Analysis Phase, (5) Requirement Engineering Phase, (6) Design
Phase, (7) Development/Coding Phase, (8) Testing/Verification Phase, (9)
Deployment/Implementation Phase, (10) Documentation Phase, and (11)
Maintenance/Support Phase.

Q7. Why is a feasibility study important in SDLC? Give three reasons.

A feasibility study is crucial because it evaluates whether the proposed system is viable
before significant resources are invested. Three key reasons:
1. Technical Feasibility: Assesses whether the required technology (hardware, software,
tools) is available or can be developed. Prevents investing in a project that cannot be
technically implemented.
2. Economic Feasibility: Evaluates the financial viability by comparing costs and benefits.
Ensures the project is worth the investment and will deliver return on value.
3. Schedule Feasibility: Determines whether the system can be completed within the
required timeframe. Avoids committing to unrealistic deadlines that could lead to project
failure.

Q8. How does the design phase contribute to the development of a software system?

The Design Phase transforms the requirements gathered during analysis into a concrete
plan for how the software will be built. Its contributions include:
System Architecture Planning: Defines the overall structure of the software — how modules
interact, data flows between components, and what technologies are used.
Algorithm Development: Creates precise, step-by-step procedures for solving specific
problems within the system.
Flowchart Creation: Produces diagrammatic representations of algorithms to visualise the
sequence of steps and decision points.
UML and Design Patterns: Uses Unified Modelling Language to communicate the design
visually and employs proven design patterns for reusable, maintainable solutions.
Without a thorough design phase, developers would code without a plan, leading to
inconsistencies, poor performance, and costly rework.

Q9. What is the significance of testing/verification in SDLC?

Testing/Verification is one of the most critical phases of SDLC because:

1. Error Detection: Testing executes programming modules specifically to detect bugs
(errors) that were not caught during development. Finding and removing bugs is called
debugging.
2. Quality Assurance: Ensures the software meets the required specifications and expected
performance — directly determining the quality of the final product.
3. Cost Savings: Bugs found early (during testing) are far cheaper to fix than bugs
discovered after deployment.
4. Black Box Testing tests output correctness without knowledge of internal code; White Box
Testing evaluates internal logic and code paths — together they provide comprehensive
coverage.

Q10. Give three advantages and two disadvantages of Bus Topology in networking.

Advantages: (1) Easy to install and maintain — all nodes connect to a single cable,
eliminating complex wiring. (2) Cost-effective — only one cable needed, no requirement for
multiple switches. (3) Fast data transmission — all nodes on the same cable facilitates quick
data transfer for small networks.
Disadvantages: (1) Limited bandwidth — all nodes share the same bandwidth, leading to
congestion and slow transmission speeds under heavy traffic. (2) Single point of failure — if
the main cable is damaged or cut, the ENTIRE network fails.

Q11. How does Mesh Topology provide redundancy in network communication?

In Mesh Topology, every node connects directly to ALL other nodes in the network. This
creates multiple simultaneous communication paths between any two nodes.
Redundancy mechanism: If one connection or node fails, data can automatically be rerouted
through one of the many alternative paths. For example, in a mesh network of 4 nodes (A, B,
C, D), if the direct A↔B link fails, data can still travel A→C→B or A→D→B. This ensures
continuous data transmission even during hardware failures, making mesh topology highly
reliable for critical applications like military communications and data centres.

Q12. Compare and contrast Horizontal Scalability and Vertical Scalability in cloud
computing.

Horizontal Scalability (Scaling Out): Increases the NUMBER of servers/instances handling

the workload. New identical servers are added and the load is distributed among them using
load balancing. Ideal for high availability and near-zero downtime. Easier and quicker to
accomplish. Suitable for distributed architectures.
Vertical Scalability (Scaling Up): Increases the CAPACITY of a single existing server by
adding more resources (CPU, RAM, disk, network bandwidth). Simpler conceptually but has
a physical limit — there's a maximum to how much one machine can be upgraded. Can be
costly and may cause downtime during upgrades.
Key Difference: Horizontal adds MORE machines; Vertical makes ONE machine MORE
powerful.

Q13. Define cybersecurity. Also give its significance in today's interconnected world.

Definition: Cybersecurity is the protection of internet-connected systems — including

computers, servers, mobile devices, electronic systems, networks, and data — from
malicious attacks, unauthorised access, damage, and theft.
Significance in today's world: As digitisation increases, more data is stored and transmitted
electronically, making cyberattacks more frequent and damaging. Cybersecurity is significant
because it: (1) Protects sensitive personal and financial data, (2) Safeguards critical national
infrastructure (power, healthcare, transport), (3) Ensures business continuity and prevents
financial losses, (4) Protects national security from cyber warfare, (5) Preserves individual
privacy rights in a world where personal data is widely collected.

Q14. Name three common types of cybersecurity threats.

1. Malware (Malicious Software): Includes viruses (attach to programs), worms (self-replicate

across networks), Trojans (disguised harmful software), ransomware (encrypts data for
ransom), and spyware (secretly collects user information).
2. Phishing: Social engineering attacks where cybercriminals impersonate trusted entities via
email or other channels to steal sensitive information like passwords and credit card
numbers.
3. DDoS Attacks (Distributed Denial of Service): Multiple compromised devices coordinate to
flood a target system with excessive traffic, making it inaccessible to legitimate users.

Q15. What is the role of encryption in cybersecurity, and how does it protect sensitive
data?

Role of Encryption: Encryption converts plaintext data into an unreadable format called
cipher text using mathematical algorithms and keys. It plays a fundamental role in
cybersecurity by ensuring data confidentiality — even if unauthorised parties intercept the
encrypted data, they cannot read it without the correct decryption key.
How it protects data: (1) During transmission over networks, encryption makes intercepted
data meaningless to attackers. (2) At rest (stored data), encryption protects against
unauthorised access if storage media is stolen. (3) It provides integrity — any tampering with
encrypted data is detectable. (4) In asymmetric encryption, it also provides authentication
and non-repudiation.

Q16. Differentiate between symmetric and asymmetric encryption methods.

Symmetric Encryption: Uses ONE shared secret key for BOTH encryption and decryption.
The same key is used by both sender and receiver. It is FAST and computationally efficient
— suitable for encrypting large volumes of data. Main disadvantage: the key must be
securely distributed to both parties (key distribution problem).
Asymmetric Encryption: Uses TWO separate keys — a PUBLIC key for encryption and a
PRIVATE key for decryption. The public key can be openly shared; only the private key is
kept secret. It SOLVES the key distribution problem and enables secure communication
between parties who have never met. Main disadvantage: computationally slower and more
complex — less suitable for large data.

Q17. Why is it essential for individuals and organisations to keep their software up to
date in terms of cybersecurity?

Keeping software up to date is essential because: (1) Software updates patch known
vulnerabilities — security flaws discovered after release are fixed in updates, closing
loopholes that attackers could exploit. (2) Outdated software is a primary target for malware
attacks (ransomware, viruses) because attackers specifically target known, unpatched
vulnerabilities. (3) Updates introduce new security features that better defend against
emerging threats that didn't exist when the original software was released. (4) Many cyber-
attacks specifically target organisations running outdated versions of software. (5)
Compliance: many industry regulations require software to be kept current as a security
standard.

Q18. What is 2FA (Two-Factor Authentication)? Give its importance in securing user
accounts.

Definition: 2FA (Two-Factor Authentication) is an authentication method that requires users

to provide TWO different forms of verification before gaining access to an account. Typically:
(1) Something you KNOW — a password, and (2) Something you HAVE — a one-time
password (OTP) sent to your mobile phone or generated by an authenticator app.
Importance: (1) Even if an attacker obtains your password, they cannot access the account
without the second factor (your phone/device). (2) Significantly reduces the risk of
unauthorised access from credential theft, phishing, and brute-force attacks. (3) Adds an
extra layer of security for sensitive accounts such as banking, email, and corporate systems.
Example: online banking — login with password + unique OTP sent to smartphone.

Q19. What is the primary purpose of a firewall in network security, and how does it
work?

Primary Purpose: A firewall's primary purpose is to BLOCK malicious network traffic. It

controls what traffic is allowed into and out of a network, establishing a protective barrier
between a trusted internal network and untrusted external networks (like the internet).
How it works: A firewall monitors all incoming and outgoing network traffic against a set of
predefined security rules. Traffic that matches the rules is allowed; traffic that doesn't match
(or matches block rules) is dropped. For example, a firewall can block all incoming requests
from unknown or suspicious IP addresses, preventing hackers from accessing corporate
network resources. Firewalls can be hardware-based (physical devices), software-based
(installed on computers), or both.

Q20. What are the characteristics of a strong password? Give two examples.

Characteristics of a strong password: (1) Length: At least 12 characters — longer passwords

are exponentially harder to crack. (2) Complexity: Mix of uppercase letters, lowercase letters,
numbers, and special characters (!, @, #, $, %). (3) Unpredictability: Avoid easily guessable
information like names, birthdays, or common phrases (e.g., 'password123'). (4)
Uniqueness: Use a different password for each account — reusing passwords means one
compromised account endangers all others.
Examples: P@sswOrd$Secur3! and Gr33nHOlid@y$ROck! — both include uppercase,
lowercase, numbers, and special characters in an unpredictable combination.
PART C: Extended Response Questions (ERQs) — Detailed Answers

Q1. Design logic circuits for the following Boolean functions.

To design a logic circuit from a Boolean function, identify the operations needed and assign the
appropriate gates. Below is the gate description for each function:
Function Gates Required & Circuit Description
E1 = (A+B)·(Ā+B̄ ) Step 1: OR gate for (A+B). Step 2: NOT gates
for Ā and B̄ . Step 3: OR gate for (Ā+B̄ ). Step 4:
AND gate combining the two OR outputs. Final
output = AND[(A+B), (Ā+B̄ )].
E2 = (A·B) + (A+B)·C Step 1: AND gate for A·B. Step 2: OR gate for
(A+B). Step 3: AND gate combining (A+B) with
C. Step 4: OR gate combining A·B with
(A+B)·C.
E3 = (A·B+C) + A·(C+B) Step 1: AND gate for A·B. Step 2: OR gate for
(A·B+C). Step 3: OR gate for (C+B). Step 4:
AND gate for A·(C+B). Step 5: Final OR gate.
E4 = (A+B)·B̄ + (A+C) Step 1: OR gate for (A+B). Step 2: NOT gate
for B̄ . Step 3: AND gate for (A+B)·B̄ . Step 4:
OR gate for (A+C). Step 5: Final OR gate.
E5 = x̄ ȳz + x̄ yz̄ + xȳz̄ + xyz 3 NOT gates (x̄ , ȳ, z̄ ). 4 AND gates (one per
term). 1 four-input OR gate combining all terms.
E6 = xz̄ + xy NOT gate for z̄ . AND gate for xz̄ . AND gate for
xy. OR gate combining both.

How to Draw These Circuits in an Exam

1. Write the Boolean expression and identify the operations from innermost to outermost.
2. For each complemented variable (with a bar), draw a NOT gate.
3. For each AND operation (·), draw an AND gate with the appropriate inputs.
4. For each OR operation (+), draw an OR gate.
5. Connect gates in the correct order, feeding outputs of inner operations as inputs to outer
gates.
6. Label all inputs and the final output.

Q2. Draw Truth Tables for the Boolean Functions in Q1.

A truth table lists ALL possible input combinations and their corresponding output. For n variables,
there are 2ⁿ rows.

E5 = x̄ ȳz + x̄ yz̄ + xȳz̄ + xyz (3 variables, 8 rows)

x y z x̄ ȳz x̄ yz̄ xȳz̄ xyz E5
0 0 0 0 0 0 0 0
0 0 1 1 0 0 0 1
0 1 0 0 1 0 0 1
0 1 1 0 0 0 0 0
1 0 0 0 0 1 0 1
1 0 1 0 0 0 0 0
1 1 0 0 0 0 0 0
1 1 1 0 0 0 1 1

Note: Output E5 = 1 for rows: (0,0,1), (0,1,0), (1,0,0), (1,1,1) — shown highlighted in green above.

Q3. Simplify the Following Boolean Functions Using K-Maps.

Function K-Map Simplification & Result

E1 = AB + ĀB + AB̄ Plot: AB→cell(1,1), ĀB→cell(0,1),
AB̄ →cell(1,0). Group 1: AB and ĀB (vertical
pair) → B (A eliminated). Group 2: AB and AB̄
(horizontal pair) → A (B eliminated). Simplified:
E1 = A + B
E2 = ABC + ĀBC + ĀB̄ C + AB̄ C All four terms have C=1. Group all four → C (A
and B both eliminated). Simplified: E2 = C
E3 = ABC + ĀBC + ĀB̄ C̄ + AB̄ C̄ Group 1: ABC and ĀBC (differ in A) → BC (A
eliminated). Group 2: ĀB̄ C̄ and AB̄ C̄ (differ in A)
→ B̄ C̄ . Simplified: E3 = BC + B̄ C̄
E4 = ABC + ĀBC + AB̄ C + ĀB̄ C + ĀB̄ C̄ Group 1 (4 cells): ABC, ĀBC, AB̄ C, ĀB̄ C (all
C=1) → C. Group 2: ĀB̄ C̄ with adjacent ĀBC →
ĀB̄ . Simplified: E4 = C + ĀB̄
E5 = x̄ ȳz + x̄ yz̄ + xȳz̄ + xyz Cannot be grouped as a full group of 4 or 2
eliminating all. Each term is isolated or pairs
diagonally. Group x̄ ȳz + xȳz̄ can't pair (not
adjacent). Using SOP: E5 = x̄ ȳz + x̄ yz̄ + xȳz̄ +
xyz (check if simplifiable to xz + x̄ yz̄ + x̄ ȳz —
depends on K-map adjacency checks).
Simplified form: E5 = x⊕y⊕z (XOR of all three
variables)
E6 = xz̄ + xy Two 2-variable terms. Cannot eliminate
variables between them (different variables).
Can factor: E6 = x(z̄ +y). Simplified: E6 = x(y +
z̄ )

Q4. Compare and Contrast the Waterfall Model and Agile Model. Which is More Suitable
for Modern Development?
Both Waterfall and Agile are Software Development Life Cycle models, but they represent
fundamentally different philosophies about how software projects should be managed.
 Aspect Waterfall Model Agile Model
Development Approach Sequential — phases must Iterative — development
complete before next begins happens in short cycles (sprints)
Flexibility Inflexible — changes are costly Highly flexible — changes
once a phase is complete welcomed at any stage
Customer Involvement Customers involved mainly at Customers involved
start (requirements) and end continuously throughout
(delivery) development
Testing Testing phase comes AFTER Testing is CONTINUOUS —
coding is complete runs parallel with development
Documentation Extensive documentation at Minimal documentation; working
every phase software is prioritised
Risk High risk — problems may only Lower risk — issues identified
emerge at end and fixed in every sprint
Delivery Single delivery at project Incremental deliveries after
completion each sprint
Best For Small projects with stable, well- Complex, large projects with
understood requirements evolving or unclear
requirements

Which Model is More Suitable for Modern Software Development?

Agile is generally MORE suitable for modern software development because:
1. Requirements Change: Modern software requirements evolve rapidly due to changing
user needs, market competition, and technological advances. Agile accommodates this
naturally.
2. Faster Delivery: Businesses need working software quickly. Agile delivers functional
increments after every sprint, providing early value.
3. User Feedback Integration: Modern development is user-centred. Agile's continuous
feedback loops ensure the product matches what users actually want.
4. Risk Management: Agile's iterative approach means problems are caught early — before
they become catastrophic.
5. However: Waterfall remains suitable for projects with fixed, well-defined requirements
(e.g., government contracts, construction software) where extensive documentation and
predictable timelines are required.

Q5. Discuss the Role of Requirements Engineering in SDLC. What Are the Challenges
and Benefits?
Requirements Engineering (RE) is a crucial phase in SDLC that focuses on gathering, analysing,
documenting, and managing requirements for the proposed system. It forms the foundation for all
subsequent development stages.

Role of Requirements Engineering:

• Requirement Gathering: Uses techniques like interviews, surveys, observation, and document
analysis to collect stakeholder needs.
 • Requirement Validation: Reviews gathered requirements to ensure they accurately reflect
stakeholder intentions and are complete and consistent.
• Requirements Management: Continually manages requirements as they evolve — incorporating
new requirements from changing regulations, evolving expectations, or new stakeholder
feedback.

Benefits of Effective RE Challenges of RE

Prevents costly errors — problems found early Stakeholder conflicts — different stakeholders
in requirements are cheaper to fix than after may have conflicting requirements
development
Ensures the system meets actual user needs, Incomplete requirements — users often cannot
increasing satisfaction fully articulate what they need
Provides a clear baseline for testing — testers Changing requirements — requirements evolve
verify against documented requirements during development, causing scope creep
Improves team communication — everyone Communication barriers — technical
works from the same documented developers and non-technical clients may
requirements misunderstand each other
Reduces project risk by identifying ambiguities Resource-intensive — gathering and validating
and contradictions early requirements takes significant time and effort

Q6. Outline the Various Methods of System Deployment/Implementation. Provide Real-

World Scenarios.
Deployment Method Description & Real-World Scenario
Direct (Cutover) The old system is ENTIRELY and
IMMEDIATELY replaced by the new system. All
users switch at once. Risk: if the new system
fails, there is no fallback. Scenario: A
government office replaces its paper-based
filing system with a new digital database
system over one weekend. Staff arrive Monday
and use only the new system.
Parallel Running Both old and new systems RUN
SIMULTANEOUSLY for a period. Outputs are
compared to verify correctness. Risk is
minimised because the old system is always
available as a backup. Scenario: A bank runs
its new core banking software alongside the
existing system for 3 months. Customer
transactions are processed in both; results are
compared to ensure accuracy before the old
system is retired.
Phased Implementation The new system is introduced GRADUALLY —
one module or department at a time — while
progressively retiring old system components.
Scenario: A university implements a new
student management system module by
module: first the admissions module, then the
examination module, then the fee management
 module, over 18 months.
Pilot The new system is first deployed to a SMALL
GROUP of users (a pilot group). Feedback is
collected and issues resolved before rollout to
all users. Scenario: A retail chain tests its new
inventory management system in 5 stores for 2
months. After successful testing and staff
feedback, the system is rolled out to all 200
stores.

Q7. Explain Bus, Star, and Ring Network Topologies. Give Their Advantages and
Disadvantages.
Network topologies define how devices are connected in a network. Three fundamental topologies are
Bus, Star, and Ring.

📌 Bus Topology: All devices connect to a SINGLE shared cable (the bus). Data travels
along the bus in both directions. Only one device can transmit at a time (managed by
CSMA/CD in Ethernet).

Advantages: (1) Simple and cheap to install. (2) Cost-effective — one cable for all devices. (3) Easy to
expand — add nodes to the cable. Disadvantages: (1) All nodes share bandwidth → congestion. (2)
Cable break = entire network fails. (3) Performance degrades as more devices are added.

📌 Star Topology: All devices connect to a CENTRAL hub or switch. The hub manages
communication between all devices. Most commonly used topology today.

Advantages: (1) Easy to install and manage. (2) Reliable — one node failure doesn't affect others. (3)
High performance due to dedicated device-to-hub links. (4) Easy to troubleshoot — isolate faulty node.
Disadvantages: (1) Hub/switch cost increases total expense. (2) Single point of failure — if hub fails,
entire network goes down.

📌 Ring Topology: All devices connect in a CIRCULAR loop. Data travels in one direction
passing through each device. A Token Ring protocol controls access — only the device with
the 'token' can transmit. FDDI is a Dual Ring variation where data travels both clockwise and
counter-clockwise.

Advantages: (1) Reliable — each device has an alternate route (especially dual ring). (2) No data
collisions — token passing ensures orderly access. (3) Performance is consistent regardless of traffic
load. Disadvantages: (1) Limited bandwidth — all devices share one path. (2) Ring break = entire
network fails (single ring). (3) Adding/removing devices disrupts the entire network. (4) Difficult to
troubleshoot.

Q8. In the Context of Cloud Computing, Elaborate on Scalability and Reliability. Provide
a Real-World Example.
Cloud computing's power largely comes from two of its most valuable characteristics: scalability and
reliability.
Scalability in Cloud Computing:
Scalability is the ability of a cloud system to handle increasing workloads by expanding resources.
There are two types:
• Horizontal Scalability (Scaling Out): Adding more server instances to distribute the workload.
Each new instance handles a portion of the total traffic using load balancing. No single server is
overwhelmed. Best for high availability and applications with fluctuating demand. Example: An
e-commerce website adds 50 new virtual servers during peak shopping season.
• Vertical Scalability (Scaling Up): Adding more resources (CPU, RAM) to an existing server
instance. The server becomes more powerful but there is a physical upper limit. Example:
Increasing a database server's RAM from 32 GB to 128 GB to handle more complex queries.

Reliability in Cloud Computing:

Reliability refers to the cloud service's ability to consistently deliver its intended functionality with
minimal downtime — often called 'high availability'. It is achieved through: Redundancy (data stored in
multiple locations), Fault Tolerance (system continues functioning when a component fails), Disaster
Recovery (plans to restore services after catastrophic failures), and Failover Mechanisms (automatic
switching to backup systems).

Real-World Example: Financial Institution Using Cloud Storage

A bank stores critical customer transaction data in a cloud-based storage system.
For Reliability: The cloud provider stores data across multiple data centres in different
geographical regions.
If one data centre experiences a power outage or network failure, the data is still
accessible from other centres — customers can continue transacting without interruption.
For Scalability: During end-of-month peak transaction periods, the bank scales out
horizontally
by provisioning additional virtual servers to handle the increased load — then scales back
in during quiet periods, paying only for what was used (measured service).

Q9. Explain Symmetric and Asymmetric Encryption Methods in the Context of

Cybersecurity.
Encryption is the process of converting plaintext into unreadable cipher text using mathematical
algorithms and keys. It is a cornerstone of cybersecurity, ensuring data confidentiality during storage
and transmission.

Symmetric Encryption:
Uses ONE shared secret key for both encryption and decryption. The same key is used by the sender
to encrypt the message and by the receiver to decrypt it. Because both parties use the same key, this
key must be securely shared in advance — this is the 'key distribution problem'.
Security Context: Symmetric encryption provides strong security when the key is kept secret. It is the
standard for encrypting large amounts of data efficiently — used in disk encryption (e.g., AES for hard
drive encryption), VPN tunnels, and secure database storage.

Asymmetric Encryption:
Uses TWO mathematically related keys: a PUBLIC key (freely shareable — used to encrypt) and a
PRIVATE key (kept secret — used to decrypt). A message encrypted with someone's public key can
only be decrypted with their corresponding private key.
Security Context: Asymmetric encryption solves the key distribution problem — public keys can be
posted on websites or directories without security risk. It provides non-repudiation (the sender cannot
deny sending). It underpins SSL/TLS (secure websites), digital signatures, and email encryption (PGP).
However, it is computationally intensive, making it unsuitable for encrypting large data volumes directly
— in practice, asymmetric encryption is typically used to securely exchange a symmetric key, which
then handles the bulk data encryption (a 'hybrid approach').

Aspect Symmetric Asymmetric

Keys 1 shared secret key 2 keys: public + private
Speed Fast Slow (complex math)
Use Case Bulk data encryption Key exchange, digital
signatures, SSL/TLS
Key Distribution Challenging — secure channel Easy — public key shared
needed openly
Examples AES, DES, 3DES RSA, ECC, Diffie-Hellman

Q10. Describe a Comprehensive Cybersecurity Strategy for a Large Organisation.

A comprehensive cybersecurity strategy uses a multi-layered 'defence in depth' approach — multiple
overlapping security layers ensure that if one layer is breached, others stop the attack.

Layer 1 — Perimeter Security

• Firewalls: Deploy hardware and software firewalls at network boundaries to filter
incoming/outgoing traffic.
• Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to monitor and
block suspicious traffic.
• DMZ (Demilitarised Zone): Place public-facing servers in a DMZ — a network segment
isolated from the internal network.

Layer 2 — Access Control

• Strong Password Policies: Minimum 12 characters, complexity requirements, regular
mandatory changes.
• Two-Factor Authentication (2FA) on ALL critical systems and accounts.
• Role-Based Access Control (RBAC): Employees only access what their job requires
(principle of least privilege).
• Regular review and removal of inactive accounts.

Layer 3 — Data Protection

• Encrypt ALL sensitive data at rest (stored data) using AES-256 encryption.
 • Encrypt data in transit using TLS/SSL protocols for all network communication.
• Regular automated backups stored in geographically separate locations.
• Disaster Recovery Plan: Tested quarterly to ensure data can be restored rapidly.

Layer 4 — Endpoint Security

• Deploy antivirus and anti-malware software on ALL devices (computers, servers, mobile
devices).
• Keep all software, operating systems, and applications fully updated and patched.
• Mobile Device Management (MDM) for employee mobile devices.
• Disable USB ports or control removable media to prevent data theft.

Layer 5 — Human Factor & Policy

• Regular cybersecurity training for ALL employees — phishing awareness, safe browsing,
password hygiene.
• Clear cybersecurity policies and incident response plans.
• Simulated phishing attacks to test and improve employee vigilance.
• Background checks on employees with access to sensitive data.

Layer 6 — Monitoring & Response

• SIEM (Security Information and Event Management) system for real-time monitoring of
security events.
• Dedicated Incident Response Team to handle breaches rapidly — containing damage and
recovering data.
• Regular penetration testing and vulnerability assessments by external security
professionals.
• Audit logs of all system access and modifications — reviewed regularly.

This layered strategy ensures that cybersecurity is not dependent on any single measure. Even if an
attacker bypasses one layer (e.g., steals a password), subsequent layers (2FA, encryption, monitoring)
prevent or limit damage.

— END OF CHAPTER 1 COMPREHENSIVE NOTES & EXERCISE SOLUTIONS —